I have a project that I am working on, and I am not very well versed in perl... what I need from perl is a counter that will work for "thousands" of web pages and sites that are setup as subdomains... i.e. http://www.perlguru.com/????.htm... I heard perl was the place to look, and I am not knowledgeable in perl, so I don't know how to set up a counter program that will handle all of these websites "separately"...

"Imagine providing your users with their own counters! You now have that option. This script is fully customizable with headers, footer, fully customizable colors, and customizable images! You can have an unlimited amount of counter digits to choose from! All this will guarentee visitors to your site"

But first, yes, if you want to pass information to the program like this, <exec cgi="counter.cgi?counter_file=xxxxxx>, you need to tell the program what's the variable name and value. That's what your parseinput subroutines does.

So put the sub parseInput subroutine in (and get rid of the () that's after the sub parseInput that you have in your code), and put

&parseInput;

before you start opening files -- this invokes the subroutine, which will assign the information you're passing to the program, in this case, $fields{'counter_file'}

As for the security hole... you never want to allow anyone to pass a whole filename for opening and manipulating on your server.

What if someone passed <exec cgi="counter.cgi?counter_file=/home/yourdomain/www/index.html> (or worse -- a password file)? The counter program would open it, increment it, and display it in the browser. Voila! A messed up home page.

The best thing to do is set a complete server path for the file, and if the file has a static suffix, toss that in there too for good measure (and don't pass the file suffix in your exec cgi call, just the filename). Example: